Massive data breach: Västerbotten on "high alert"

It's uncertain whether the hack attack was state-led or for criminal gain.
It's uncertain whether the hack attack was state-led or for criminal gain.

Sweden confronts a significant cybersecurity crisis with 178 suspected data breaches reported to the Swedish Data Protection Agency following a recent cyberattack. Västerbotten is one of four municipalities that have activated crisis management protocols.

It-säkerhet 26 januari 2024 14:23

A total of 178 incidents of suspected personal data breaches have been reported to the Swedish Data Protection Agency (Integritetsskyddsmyndigheten or IMY) following last weekend's cyber attack. Civil defence Minister Carl-Oskar Bohlin expressed concern that the attack could be one of the most serious challenges Sweden has ever faced.

Speaking at a press conference, Bohlin emphasized the seriousness of the situation, saying:

– We are dealing with a serious incident, the full extent of which is not yet known.

Numerous organizations, including 120 government agencies, 23 municipalities and regions, and 35 companies, have raised concerns about the potential exposure of personal information. Bohlin clarified that these reports do not confirm an actual data breach.

Minister for civil defence, Carl-Oskar Bohlin (M).

– At this time, we do not have any concrete information about the specific type of personal information affected, Bohlin added.

In response to the attack, four regions - Västerbotten, Sörmland, Blekinge and Uppsala - have activated crisis management protocols, according to the minister.

The cyberattack, which targeted Tietoevry on January 20, affected several systems, including the Primula human resources system used by 120 Swedish government agencies. Despite the scale of the incident, Bohlin reassured that the prognosis does not suggest any disruption to February salary payments.

Regarding the suspected perpetrators, identified as the Akira group, Bohlin declined to speculate on a possible Russian connection. He explained that such attacks typically have either an economic motive, involving ransom demands, or a political motive, possibly involving a state actor.

– We have no information at this time to determine which of these two motives applies to this attack, Bohlin said, noting that no specific ransom demands have been communicated by the group.

Bohlin noted previous warnings from the Bohlin highlighted previous warnings from the cybersecurity authority in Finland about Akira attacks and the Swedish Civil Contingencies Agency (MSB), which warned about the vulnerability exploited in this incident. He emphasized the importance of heeding such warnings and stated that an investigation would reveal how the company responded.

In response to a question about the impact on Sweden's national security, Bohlin acknowledged that it was too early to assess, but confirmed the extensive impact of the incident. He estimated that it could take several weeks to restore systems.

It's uncertain whether the hack attack was state-led or for criminal gain.
Ämnen du kan följa